Tag Archives: component vulnerabilities

5 Years After Major DNS Flaw is Discovered, Few US Companies Have Deployed Long-term Fix


January 29, 2013 By The Vigilant Application Owner

Network World – (International) 5 years after major DNS flaw is discovered, few US companies have deployed long-term fix. Very few U.S. online retailers, internet service providers (ISPs), and financial institutions have implemented the long-term fix for a major vulnerability in the Domain Name System (DNS), five years after the vulnerability was discovered. Source: http://www.networkworld.com/news/2013/012913-dnssec-266197.html


Security Hole Found on IO, AC, SH, TM Domain Registrar Sites


January 28, 2013 By The Vigilant Application Owner

Softpedia – (International) Security hole found on IO, AC, SH, TM domain registrar sites. A hacker recently uncovered a vulnerability in the Web sites of domain registrars who oversee the .io (Indian Ocean), .tm (Turkmenistan), .ac (Ascension Island), and .sh (Saint Helena) domains that allows attackers to gain access to DNS records. Source: […]


PayPal Addresses Blind SQL Injection Vulnerability After Being Notified By Experts


January 22, 2013 By The Vigilant Application Owner

Softpedia – (International) PayPal addresses blind SQL injection vulnerability after being notified by experts. About 5 months after being notified by cyber security experts, PayPal has fixed a security flaw on their Web site which was vulnerable to a Blind SQL Injection. Source: http://news.softpedia.com/news/PayPal-Addresses-Blind-SQL-Injection-Vulnerability-After-Being-Notified-by-Experts-323053.shtml


Critical Security Vulnerability At Amazon Fixed


January 18, 2013 By The Vigilant Application Owner

The H – (International) Critical security vulnerability at Amazon fixed. The Amazon Web site has fixed a cross-site scripting vulnerability which could have been used to inject malicious JavaScript code which allows 3rd-party access to various elements of a user’s account, including the shopping cart, history, name, and email address associated with the account. Source: […]


Security Explorations Identifies Two Vulnerabilities In Java 7 Update 11


By The Vigilant Application Owner

Softpedia – (International) Security explorations identifies two vulnerabilities in Java 7 Update 11. Security Explorations researchers discovered a pair of vulnerabilities in the newest version of Java that can allow attackers to perform a complete sandbox bypass. Source: http://news.softpedia.com/news/Security-Explorations-Identifies-Two-Vulnerabilities-in-Java-7-Update-11-322390.shtml


Drupal 7.19 and 6.28 Released To Address XSS, Access Bypass Flaws


January 17, 2013 By The Vigilant Application Owner

Softpedia – (International) Drupal 7.19 and 6.28 released to address XSS, access bypass flaws. The developers of Drupal released Drupal 7.19 and Drupal 6.28, which address a cross-site scripting vulnerability and several access bypass vulnerabilities present in older versions. Source: http://news.softpedia.com/news/Drupal-7-19-and-6-28-Released-to-Address-XSS-Access-Bypass-Flaws-321861.shtml


Expert Finds Security Holes In Sites Of Microsoft, Twilio and ProActive CMS


By The Vigilant Application Owner

Softpedia – (International) Expert finds security holes in sites of Microsoft, Twilio and ProActive CMS. A security researcher discovered vulnerabilities in Web sites belonging to Microsoft and Twilio, as well as issues in ProActive content management system (CMS). Twilio and Microsoft addressed their respective cross-site request forgery and cross-site scripting vulnerabilities, while the ProActive CMS […]


Red October Cyber Espionage Campaign Relied On Java Exploit To Infect Computers


January 15, 2013 By The Vigilant Application Owner

Softpedia – (International) Red October cyber espionage campaign relied on Java exploit to infect computers. Researchers at Seculert analyzed the recently-discovered ‘Red October’ cyber espionage campaign and found that it had also utilized a Java vulnerability to disseminate malware. Source: http://news.softpedia.com/news/Red-October-Cyber-Espionage-Campaign-Relied-on-Java-Exploit-to-Infect-Computers-321319.shtml


Oracle Responds To Warning On Java Vulnerability


January 13, 2013 By The Vigilant Application Owner

International Business Times – Oracle has announced fixes for two flaws in its Java software. One research group says Java was responsible for half of all cyberattacks in 2012 that involved an exploited software bug. Last week, the Department of Homeland Security and security researchers said they had identified vulnerabilities in the software that could […]
